本帖最後由 gfx86674 於 2017-2-1 01:03 編輯
回覆 15# yiucsw
VPN是雙向的,只要有VPN連接成,兩端都可以借這個隧道相互翻牆.
若是從香港 撥往中國 ,香港router的設置:- /ip firewall mangle add action=mark-routing chain=output dst-port=15252 \
- new-routing-mark=to_cn passthrough=no protocol=udp
- /ip route add distance=4 gateway="l2tp-out1" routing-mark=to_cn
- /ip firewall nat add action=masquerade chain=srcnat \
- comment=l2tp-out-cn out-interface="l2tp-out1"
若是從中國 撥往香港 ,香港router的設置:- /ip firewall mangle add action=mark-routing chain=output dst-port=15252 \
- new-routing-mark=to_cn passthrough=no protocol=udp
- /ip route add distance=4 gateway="<l2tp-cn>" routing-mark=to_cn \
- comment=l2tp-in-cn
- /ip firewall nat add action=masquerade chain=srcnat \
- comment=l2tp-in-cn out-interface="<l2tp-cn>"
- :local cn [/interface find name~"^<l2tp-cn"]
- :if ([:len $cn]>0) \
- do={
- :if ([:len $cn]>1 || ([:len $cn]=1 && [/interface get $cn name]!="<l2tp-cn>")) \
- do={:foreach i in=$cn do={/interface l2tp-server remove $i} ; :delay 2s}
- :delay 10s
- :local route [/ip route find comment="l2tp-in-cn"]
- :local nat [/ip firewall nat find comment="l2tp-in-cn"]
- :if ([/ip route get $route gateway]!="<l2tp-cn>" \
- || [/ip firewall nat get $nat out-interface]!="<l2tp-cn>") \
- do={/ip route set $route gateway="<l2tp-cn>"
- /ip firewall nat set $nat out-interface="<l2tp-cn>"}
- }
|
發表於 2017-2-1 00:18
|